cfwirth
asked on
SMTP Send Logs and Spam
I believe we are having spam sent through our Exchange 2007 server. Below is an excerpt from one of the SMTP send logs. I have made a configuration change in our Sonicwall firewall to only allow outbound SMTP port 25 to be used by the Exchange server but I am still seeing in the SMTP send logs messages with a MAIL FROM: <>. Is it possible that the either the Exchange server has a spam bot or that it is being used as an open SMTP relay? I thought SMTP relay was turned off by default. We have been blacklisted only by backscatterer.org at this time. How would I go about trying to figure what the problem is? Thanks.
10.0.0.16:25056,85.115.58. 190:25,>,M AIL FROM:<> SIZE=11126,
10.0.0.16:25056,85.115.58. 190:25,>,R CPT TO:<lesliedevorah@alfa.com >,
10.0.0.16:25056,85.115.58. 190:25,<,2 50 2.0.0 Reset state,
10.0.0.16:25056,85.115.58. 190:25,<,2 50 2.1.0 <>... Sender ok,
10.0.0.16:25056,85.115.58. 190:25,<,2 50 2.1.5 <lesliedevorah@alfa.com>.. . Recipient ok,
10.0.0.16:25056,85.115.58. 190:25,>,D ATA,
10.0.0.16:25056,85.115.58. 190:25,<," 354 Enter mail, end with ""."" on a line by itself",
10.0.0.16:25056,85.115.58. 190:25,<,4 51 4.3.2 Please try again later,
10.0.0.16:25056,85.115.58. 190:25,>,Q UIT,
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
10.0.0.16:25056,85.115.58.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.